Is Your HIT System Cloud-Ready? 3 Key Factors for Assessing Compatibility
While a mere 4 percent of the healthcare industry currently takes advantage of cloud computing, a recent MarketsandMarkets study forecasts this trend will soar within a few years, equating to nearly $5.4 billion by 2017.1 In a market now inundated with software and infrastructure options, more healthcare organizations are strategically moving their existing legacy systems to the cloud to achieve potential cost-savings as well as improved HIT system performance, future scalability (performance and storage), increased productivity and higher security.
Though the cloud's many benefits often allow healthcare organizations to better focus their resources on patient care, not every health information technology system is cloud-ready. Before hospitals or healthcare systems transition to the cloud, leaders must take a holistic approach to determining whether HIT systems are compatible. Three key factors to evaluate are connectivity, data security and the system’s architecture.
If an organization's HIT system is located offsite, there must be a very high performing and highly reliable connection to the system — including built-in redundancies — so it can always be accessed even under disastrous conditions. Whether an HIT system is local or remote, losing access to essential information like medication lists or health histories contained in patient electronic health records could be detrimental to patient safety and care.
First, hospital executives and health information management professionals need to determine the service levels they must have to safely and reliably maintain access to their systems. These include performance (speed of individual transactions), bandwidth (how many transactions can be accommodated at one time), reliability (what is sent is what is received), and availability (percentage of time available). Then, working with network service providers, they must evaluate and balance the costs associated with the desired service level. For example, 99.99 percent availability may be possible, but might be cost prohibitive. Redundancy is the most important part of achieving connectivity because the hospital needs to ensure that if the utility backhoe on the west side cuts the network line, the line on the east side will provide continuity. If the current network does not meet the desired service levels, it must be upgraded or replaced.
Healthcare executives understand the importance of data security and the implications of potential breaches, which is why ensuring patient data remains secure and private is a top priority for healthcare organizations. Moving to the cloud and using secure data centers provides many safeguards that do not exist with traditional environments.
Two important factors are the physical security of the systems and the processes used to monitor and maintain security. Consider cloud services hosted in data centers assessed and certified through federal programs such as the Federal Risk and Authorization Management Program that meet standards set in the Federal Information Security Management Act. These certified cloud services providers have already gone through hundreds of physical security and process validations so that healthcare providers don't have to. However, before moving to the cloud, organizations should take the time to evaluate the security of their applications, reviewing standardized guidelines and regulations for protecting patient data (such as HIPAA), and ensuring they meet requirements for storing and processing this information
Finally, healthcare executives and HIM professionals should assess candidate software applications, reviewing hardware, software and operating system compatibility with the cloud. An effective way to do this is to conduct a readiness assessment, answering questions such as:
- On what operating system does the HIT system run? Windows® and Linux systems are the most common offered in the cloud, but a custom application on OS/2 is not likely a candidate.
- Is the HIT system architecture amendable to a cloud environment? For example, is it a web-based or client-server architecture? Is it mobile compatible?
- What interfaces exist among the systems? Are all of them moving to the cloud, or just some? What impacts might that have on the enterprise architecture, internal training and legacy knowledge?
While connectivity, security and architecture are not the only considerations, they are certainly "deal-breakers" that would immediately rule out a move to the cloud. The next step should be to perform a more thorough analysis and develop a mitigation plan to remedy any shortcomings and then reevaluate compatibility. By examining connectivity, security and system architecture upfront, HIT leaders can successfully mitigate risks that might otherwise compromise patient data or critical access to it.
Dan Ramunda is director of research and innovation at Systems Made Simple.
1 “Why Healthcare Must Embrace Cloud Computing.” Forbes.
© Copyright ASC COMMUNICATIONS 2012. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.
New From Becker's Hospital CIO